General Insurance Article - Incident response planning is a key cybersecurity control


Despite being focused on post-breach activities, cyber incident response planning has emerged as a key cybersecurity control in reducing an organization’s likelihood of experiencing a breach-related claim, according to a new report from the Cyber Risk Intelligence Center (CRIC) of Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy, and people.

 The report Cybersecurity signals: Connecting controls and incident outcomes, found that organizations that regularly engage in tabletop exercises and scenario-based breach response drills are 13% less likely to experience a material cyber event than those that do not.

 Since launching its 2023 research into the correlation between the 12 cybersecurity controls tracked by the cyber insurance industry and the likelihood of a cyber claim, the CRIC has continued to analyse organisations’ cyber control implementation information from Marsh’s Cyber Self-Assessment against claims. This year, cyber incident response planning ranked as the fourth most effective control in decreasing an organization’s probability of experiencing a breach-based claim, behind endpoint detection and response (EDR), logging and monitoring, and cybersecurity awareness training and phishing testing.

 “Marsh has long advocated proactive cyber incident response planning as a tool to help organizations effectively and efficiently respond to and recover from a cyberattack,” said Tom Reagan, Global Cyber Practice Leader, Marsh. “What our latest research confirms is that thoughtful planning also drives secondary benefits like positive security behaviors and strong control implementations, which help build more organisational resilience and reduce breach incidents.”

 This year’s report also highlights the importance of effectively deploying and managing other key cybersecurity controls. For instance, the report found that each jump of 25% in EDR deployment across workstations and laptops was correlated with an additional 10% decrease in breach likelihood. Similarly, a multi-factor authentication (MFA) deployment that is resistant to phishing schemes is correlated with a 9% lower breach likelihood than MFA that is not.

 “Our findings emphasize that simply deploying key cybersecurity controls is no longer enough—these tools must be properly managed and comprehensively used,” said Scott Stransky, Head of Marsh McLennan’s CRIC. “By drawing on our insights, organizations can make informed decisions to strengthen their security frameworks and help reduce their exposure to cyber risks.”
  

Back to Index


Similar News to this Story

Inside the rise of cargo theft
Cargo theft is surging worldwide, posing a growing threat to supply chains and consumer confidence. As eCommerce accelerates and global distribution n
Data Use and Access Act can trigger a gold rush for insurers
DUAA clarifies ‘legitimate interest’ – meaning insurers can confidently use first and third-party data to engage with new prospects and lapsed custome
Warning to drug and drink drivers on insurance impact
Car insurance costs four times as much for convicted drug drivers. Comprehensive policies double in price for those caught drink driving. Drug-driving

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.